漏洞平台

POC详情： 28d59488e79d00da2f01c6d117183e211843064c

来源

https://github.com/JeneralMotors/CVE-2023-23752

关联漏洞

标题： Joomla 安全漏洞 (CVE-2023-23752)
描述：Joomla是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla 4.0.0版本至4.2.7版本存在安全漏洞，该漏洞源于不正确的访问检查，允许对web服务端点进行未经授权的访问。

描述

An access control flaw was identified, potentially leading to unauthorized access to critical webservice endpoints within Joomla! CMS versions 4.0.0 through 4.2.7. This vulnerability could be exploited by attackers to gain unauthorized access to sensitive information or perform unauthorized actions.

介绍

# CVE-2023-23752

## Description

This repository contains Python and Bash scripts that serve as ports of the original Proof of Concept (PoC) written in Ruby for the vulnerability CVE-2023-23752 in Joomla! CMS versions 4.0.0 through 4.2.7 made by 'noraj' (Alexandre ZANNI). An access control flaw was identified, potentially leading to unauthorized access to critical webservice endpoints. This vulnerability could be exploited by attackers to gain unauthorized access to sensitive information or perform unauthorized actions.

## Usage:

### Bash script syntax:
```bash
./CVE-2023-23752.sh http://example.com
```
### Python script syntax:
```bash
python CVE-2023-23752.py -u example.com
```
| Option             | Description                                       |
|--------------------|---------------------------------------------------|
| `-u`, `--url`      | URL to scan                                       |
| `-f`, `--file`     | Path to the file containing URLs to scan          |
| `-o`, `--output_file` | Path to the output file (optional)               |
| `-e`, `--endpoint` | Endpoint to scan (default: /api/index.php/v1/config/application?public=true) |
| `-t`, `--timeout`  | Timeout in seconds (default: 2)                  |
| `-m`, `--max_threads` | Maximum number of threads (default: 10)          |

## Disclaimer
Important: These scripts are provided for educational purposes only. Use them at your own risk. The author assumes no responsibility for any misuse or damage caused by these scripts. Ensure that you have explicit permission to test the target system for vulnerabilities before using these scripts in any environment.

文件快照


 [4.0K]  /data/pocs/28d59488e79d00da2f01c6d117183e211843064c
├── [4.7K]  CVE-2023-23752.py
├── [2.7K]  CVE-2023-23752.sh
├── [ 34K]  LICENSE
└── [1.6K]  README.md

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。